All Projects

ProjectCategoryTask TypePrioritySeveritySummaryStatusProgress
PackagesAnyPrivacy IssueVery HighCritical [libreoffice*] contains Google API keys Closed
100%
Task Description

Libreoffice contains Google API keys which affects privacy.

PackagesAnySecurity IssueVery HighCritical [linux-libre-lts*] Meltdown & Spectre Vulnerability Closed
100%
Task Description

Multiple CVEs. Unprivileged programs can gain access to a hardware bug in the CPU, and thereby initiate memory dumps and other low-level attacks.

PackagesAnySecurity IssueVery HighCritical [libressl] add package as OpenSSL replacement and defau ...Closed
100%
Task Description

LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.

It was forked from the OpenSSL in April 2014 as a response by OpenBSD developers to the Heartbleed security vulnerability in OpenSSL, [4] [5] [6] [7] with the aim of refactoring the OpenSSL code so as to provide a more secure implementation. [8]

As LibreSSL follow the same goals than Hyperbola Packaging Guidelines in stability and security concerns, it should be the default provider of SSL and TLS protocols for Hyperbola Project.

PackagesAnySecurity IssueVery HighCritical [avahi] blacklist package since it's a zeroconf impleme ...Closed
100%
Task Description

Avahi is a zero-configuration networking implementation that contains critical security issues because mDNS operates under a different trust model than unicast DNS trusting the entire network rather than a designated DNS server, it is vulnerable to spoofing attacks by any system within the multicast IP range. Like SNMP and many other network management protocols, it can also be used by attackers to quickly gain detailed knowledge of the network and its machines. [0]

Since it violates the Hyperbola Social Contract , Avahi should be blacklisted.

PackagesAnyFreedom IssueVery HighCritical [warsow] contains Steam support Closed
100%
Task Description

Warsow contains a library called steamlib which is built from the source. It’s useful only for Steam support which is nonfree software.

PackagesAnySecurity IssueVery HighCritical [xen] multiple security issues: CVE-2018-10472, CVE-201 ...Closed
100%
Task Description

http://openwall.com/lists/oss-security/2018/04/30/1 http://openwall.com/lists/oss-security/2018/04/30/1 An attacker supplying a crafted CDROM image can read any file (or
device node) on the dom0 filesystem with the permissions of the qemu
devicemodel process. (The virtual CDROM device is read-only, so
no data can be written.)

http://openwall.com/lists/oss-security/2018/04/30/2 A malicious or buggy guest may cause a hypervisor crash, resulting in
a Denial of Service (DoS) affecting the entire host.

http://openwall.com/lists/oss-security/2018/05/11/1 A malicious unprivileged device model can cause a Denial of Service
(DoS) affecting the entire host. Specifically, it may prevent use of a
physical CPU for an indeterminate period of time.

http://openwall.com/lists/oss-security/2018/05/11/2

[critical]
A malicious or buggy HVM guest may cause a hypervisor crash, resulting
in a Denial of Service (DoS) affecting the entire host. Privilege
escalation, or information leaks, cannot be excluded.

Patches provided by upstream.

PackagesAnySecurity IssueVery HighCritical [wget] - GNU Wget Cookie Injection CVE-2018-0494 Closed
100%
Task Description

An external attacker is able to inject arbitrary cookie values cookie jar file,
adding new or replacing existing cookie values.
http://openwall.com/lists/oss-security/2018/05/06/1

Fixed in GNU Wget 1.19.5 or later.

PackagesAnyFreedom IssueVery HighCritical [rust][cargo] trademark agreement affects user freedom Closed
100%
Task Description
Uses that require explicit approval
Distributing a modified version of the Rust programming language or the Cargo package manager and calling it Rust or Cargo requires explicit, written permission from the Rust core team. We will usually allow these uses as long as the modifications are (1) relatively small and (2) very clearly communicated to end-users.
Selling t-shirts, hats, and other artwork or merchandise requires explicit, written permission from the Rust core team. We will usually allow these uses as long as (1) it is clearly communicated that the merchandise is not in any way an official part of the Rust project and (2) it is clearly communicated whether profits benefit the Rust project.
Using the Rust trademarks within another trademark requires written permission from the Rust core team except as described above.

Since it violates the freedom to redistribute without “explicit” approval, this is a freedom issue.

PackagesAnyDrop RequestVery HighCritical [cgmanager] unmaintained and unsupportable Closed
100%
Task Description

The CGManager project has been deprecated in favor of using the kernel’s CGroup Namespace or lxcfs’ simulated cgroupfs.

See https://s3hh.wordpress.com/2016/06/18/whither-cgmanager/ for details.

PackagesAnyDrop RequestVery HighCritical [pm-utils] unmaintained and unsupportable Closed
100%
Task Description

pm-utils is no longer maintained from a long time . Therefore, it should be removed from repos since Hyperbola contains an amendment about anti-abandonware through its packaging guidelines .

Software DevelopmentHyperBKImplementation RequestVery HighCriticalDevelop HyperBK based on OpenBSD kernel + LibertyBSD sc...Deferred
0%
Task Description

Develop HyperBK (Hyper Berkeley Kernel) based on OpenBSD‘s kernel LibertyBSD‘s scripts to deblob and rebrand kernel for HyperbolaBSD.

TODO:

  • Download LibertyBSD scripts to deblob and rebrand kernel from their scripts.
  • Push source to HyperBK’s project.
  • Rebrand OpenBSD kernel to HyperBK with LibertyBSD scripts.
  • Package HyperBK for HyperbolaBSD.

PATCHING NOTE

When the check concerns kernel, we obviously want to match with HyperBK.

Example of triplet check:	hyperbolabsd)
Example of uname -s check:	HyperbolaBSD)
Example of uname -r check:	1.0)
Example of C macro check:	defined(__HyperbolaBSD__)
PackagesAnyPrivacy IssueVery HighCritical [cutegram] only useful with Telegram service Closed
100%
Task Description

Description:
Cutegram is a Telegram client. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si cutegram
Repository      : community
Name            : cutegram
Version         : 2.7.1-3
Description     : A different telegram client from Aseman team
Architecture    : x86_64
URL             : http://aseman.co/en/products/cutegram/
Licenses        : GPL
Groups          : None
Provides        : cutegram
Depends On      : qt5-imageformats  qt5-webkit  telegramqml>=0.9.1  libqtelegram-ae>=3:6.1
Optional Deps   : gst-plugins-bad: audio support
                  gst-plugins-good: audio and notification sound
Conflicts With  : cutegram-git  sigram-git  sigram  cutegram
Replaces        : cutegram-cn
Download Size   : 12.03 MiB
Installed Size  : 17.07 MiB
Packager        : Jiachen Yang <farseerfc@gmail.com>
Build Date      : Mon 25 Jan 2016 05:59:04 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyPrivacy IssueVery HighCritical [libqtelegram-ae] only useful with Telegram service Closed
100%
Task Description

Description:
libqtelegram-ae is Telegram library written in Qt based on telegram-cli code. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si libqtelegram-ae
Repository      : community
Name            : libqtelegram-ae
Version         : 3:6.1-4
Description     : Telegram library written in Qt based on telegram-cli code
Architecture    : x86_64
URL             : https://launchpad.net/libqtelegram
Licenses        : GPL3
Groups          : None
Provides        : None
Depends On      : qt5-base  qt5-multimedia
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 431.27 KiB
Installed Size  : 1999.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Wed 05 Apr 2017 07:16:39 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyPrivacy IssueVery HighCritical [telegram-qt] only useful with Telegram service Closed
100%
Task Description

Description:
TelegramQt is a Telegram binding for Qt. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si telegram-qt
Repository      : community
Name            : telegram-qt
Version         : 0.1.0-2
Description     : Qt bindings for the Telegram protocol
Architecture    : x86_64
URL             : https://github.com/Kaffeine/telegram-qt
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : qt5-base
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 204.80 KiB
Installed Size  : 747.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Sat 18 Feb 2017 06:49:55 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyPrivacy IssueVery HighCritical [telegramqml] only useful with Telegram service Closed
100%
Task Description

Description:
TelegramQML are Telegram API tools for QtQml and Qml. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si telegramqml
Repository      : community
Name            : telegramqml
Version         : 0.9.2-2
Description     : Telegram API tools for QtQml and Qml
Architecture    : x86_64
URL             : https://github.com/Aseman-Land/TelegramQML
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : qt5-webkit  qt5-imageformats  qt5-graphicaleffects  qt5-quickcontrols  libqtelegram-ae
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 401.03 KiB
Installed Size  : 1905.00 KiB
Packager        : Jiachen Yang <farseerfc@gmail.com>
Build Date      : Mon 25 Jan 2016 05:46:59 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyPrivacy IssueVery HighCritical [telepathy-morse] only useful with Telegram service Closed
100%
Task Description

Description:
Telepathy-Morse is a Qt-based Telegram connection manager for the Telepathy framework. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si telepathy-morse
Repository      : community
Name            : telepathy-morse
Version         : 0.1.0-1
Description     : Telepathy Connection Manager for the Telegram network
Architecture    : x86_64
URL             : https://github.com/TelepathyQt/telepathy-morse
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : telepathy-qt5  telegram-qt
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 90.80 KiB
Installed Size  : 351.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Fri 16 Sep 2016 11:49:33 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyPrivacy IssueVery HighCritical [telepathy-kde-accounts-kcm] recommends Telepathy-Morse ...Closed
100%
Task Description

Description:
telepathy-kde-accounts-kcm contains the telepathy-morse package in its optdepends array. It should be removed since Telepathy-Morse provides support for Telegram, a nonfree server-side service that requires accounts tied to telephone numbers.

Additional info:

$ pacman -Si telepathy-kde-accounts-kcm
Repository      : extra
Name            : telepathy-kde-accounts-kcm
Version         : 17.04.0-1
Description     : KCM Module for configuring Telepathy Instant Messaging Accounts
Architecture    : x86_64
URL             : https://community.kde.org/Real-Time_Communication_and_Collaboration
Licenses        : GPL
Groups          : kde-applications  kdenetwork  telepathy-kde
Provides        : None
Depends On      : telepathy-qt  kaccounts-providers
Optional Deps   : telepathy-gabble: XMPP/Jabber accounts support
                  telepathy-haze: account types supported by Pidgin/libpurple
                  telepathy-morse: Telegram accounts support
                  telepathy-salut: link-local XMPP account support
Conflicts With  : None
Replaces        : None
Download Size   : 334.86 KiB
Installed Size  : 2111.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Sat 15 Apr 2017 06:47:59 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnySecurity IssueVery HighCritical [dropbear] CVE-2018-15599 Closed
100%
Task Description

User enumeration in Dropbear 2018.76 and earlier
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html

Patch: https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00

PackagesAnySecurity IssueVery HighCritical[openssh] CVE-2018-15919Researching
0%
Task Description

Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919

PackagesAnySecurity IssueVery HighCritical [mutt] CVE-2018-14354 Closed
100%
Task Description

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.

https://security-tracker.debian.org/tracker/CVE-2018-14354

PackagesAnySecurity IssueVery HighCritical [vlc] CVE-2017-17670 Closed
100%
Task Description

Description:

  • In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.

Additional info:
* package version(s)

  • 2.2.6-1.hyperbola1

* config and/or log files etc.

  • None

Steps to reproduce:

  • Run VLC
PackagesAnySecurity IssueVery HighCritical [vlc] CVE-2018-11529 Closed
100%
Task Description

Description:

  • VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

Additional info:
* package version(s)

  • 2.2.6-1.hyperbola1

* config and/or log files etc.

  • None

Steps to reproduce:

  • Run VLC
Software DevelopmentGeneralImplementation RequestVery HighCriticalPOWER (ppc64le) portingDeferred
0%
Task Description

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and the Power9-based Talos II promises to be a great architecture example for workstations and servers environments where Hyperbola is focused since is a fully free long-term support distribution.

Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the POWER architecture (power64le).

NOTE: POWER porting is focused only for Hyperbola GNU/Linux-libre .

PackagesAnyFreedom IssueVery HighCritical [man-pages] contains nonfree POSIX manual pages Closed
100%
Task Description

Description:

  • Arch distributes a version of man-pages with manual pages from the POSIX standard. The man-pages project is permitted to distribute them and Andries Brouwer assumes that re-distribution by vendors is permitted as well. However, modification is definitively not allowed, hence this contribution by The Institute of Electrical and Electronics Engineers and The Open Group render the entire man-pages package nonfree. The way to solve it is remove all nonfree POSIX manual pages from man-pages package.

Additional info:
* package version(s)

  • 4.11-1

* config and/or log files etc.

  • License file (POSIX-COPYRIGHT):
The Institute of Electrical and Electronics Engineers (IEEE) and
The Open Group, have given us permission to reprint portions of
their documentation.

In the following statement, the phrase ``this text'' refers to
portions of the system documentation.

Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1, 2013 Edition, Standard for Information Technology
-- Portable Operating System Interface (POSIX), The Open Group Base
Specifications Issue 7, Copyright (C) 2013 by the Institute of Electri-
cal and Electronics Engineers, Inc and The Open Group.  (This is
POSIX.1-2008 with the 2013 Technical Corrigendum 1 applied.) In the
event of any discrepancy between this version and the original IEEE and
The Open Group Standard, the original IEEE and The Open Group Standard
is the referee document.  The original Standard can be obtained online
at http://www.unix.org/online.html .

This notice shall appear on any product containing this material.

Redistribution of this material is permitted so long as this notice and
the corresponding notices within each POSIX manual page are retained on
any distribution, and the nroff source is included. Modifications to
the text are permitted so long as any conflicts with the standard
are clearly marked as such in the text.

Steps to reproduce:

  • See license in /usr/share/licenses/man-pages/POSIX-COPYRIGHT
PackagesAnySecurity IssueHighCritical [python2] heap-overflow vulnerability CVE-2018-1000030 Closed
100%
Task Description

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3→Malloc→Thread1→Free’s→Thread2-Re-uses-Free’d Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.

https://security-tracker.debian.org/tracker/CVE-2018-1000030

PackagesAnySecurity IssueHighCritical [geth] possible denial of service attacks "DoS Attack" Closed
100%
Task Description

Geth 1.6.x contains possible denial of service attacks “DoS Attack”, however it has been solved in 1.7.2 [0] instead. Since 1.6.x needs many modifications spread across multiple files of the code and it is inefficient to be backported, the newer version (eg. 1.7.x) could replace the current version package as exception, but repackaged with the appropriate suffix “-backports”.

PackagesAnyPrivacy IssueHighCritical [deepin-desktop-base] Check for CNZZ Spyware Closed
100%
Task Description

As per a recent discovery, we should check if our deepin is affected by the CNZZ spyware in the AppStore.
https://www.youtube.com/watch?v=v25Dy66AtNI

We also shouldn’t use the AppStore if it exists, due to non-free apps.

Known files:
> usr/share/dbus-1/system-services/com.deepin.daemon.Apps.service
> etc/appstore.json

PackagesAnyBug ReportHighCritical [links][elinks] segmentation fault after start by termi ...Closed
100%
Task Description

Description:

  • Segmentation fault after start by terminal emulator but elinks does not crash in console. After that, it prints characters when mouse buttons pressed so it can not copy its output.

Additional info:
* package version(s)

  • links 2.14-2
  • elinks 0.13-18

* config and/or log files etc.

  • gdb output for links 2.16:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4295e43 in strchrnul () from /usr/lib/libc.so.6
  • gdb output for elinks 0.13-18:
[New Thread 0x7ffff4dfb700 (LWP 8393)]
Thread 1 "elinks" received signal SIGSEGV, Segmentation fault.
0x00007ffff5fa3e43 in strchrnul () from /usr/lib/libc.so.6

Steps to reproduce:

  • Run links and elinks by terminal emulator
PackagesAnySecurity IssueMediumCritical [glusterfs] CVE-2018-1088: Privilege escalation via gl ...Closed
100%
Task Description

https://security-tracker.debian.org/tracker/CVE-2018-1088

http://openwall.com/lists/oss-security/2018/04/18/1

https://bugs.debian.org/896128

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

Upstream patches: https://review.gluster.org/#/c/19899/1..2

Fixed in: https://github.com/gluster/glusterfs/releases/tag/v4.0.2

Software DevelopmentGeneralImplementation RequestDeferCriticalRISC-V (riscv64) porting + multilib supportDeferred
0%
Task Description

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and RISC-V promises to be a great architecture example for low-power computers, laptops and embedded systems, also as ARM architecture replacement.

Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the RISC-V architecture (riscv64) with multilib support.

NOTE: RISC-V porting is focused only for Hyperbola GNU/Linux-libre .

PackagesAnyFeature RequestVery HighHigh [amule] contains systemd unit files Closed
100%
Task Description

Description:

  • The Arch version of aMule from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : extra
Name            : amule
Version         : 10983-2
Description     : An eMule-like client for ed2k p2p network
Architecture    : x86_64
URL             : http://www.amule.org
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : wxgtk  gd  geoip  libupnp  crypto++  boost-libs
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 4.84 MiB
Installed Size  : 22.65 MiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Mon 23 Jan 2017 08:36:47 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/amuled.service is owned by amule 10983-2
/usr/lib/systemd/system/amuleweb.service is owned by amule 10983-2

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestVery HighHigh [deluge] contains systemd unit files Closed
100%
Task Description

Description:

  • The Arch version of Deluge from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : extra
Name            : deluge
Version         : 1.3.14-1
Description     : A BitTorrent client with multiple user interfaces in a client/server model
Architecture    : any
URL             : http://deluge-torrent.org/
Licenses        : GPL3
Groups          : None
Provides        : None
Depends On      : python2-xdg  libtorrent-rasterbar  python2-twisted  python2-pyopenssl  python2-chardet  python2-setuptools
Optional Deps   : python2-notify: libnotify notifications
                  pygtk: needed for gtk ui
                  librsvg: needed for gtk ui
                  python2-mako: needed for web ui
Conflicts With  : None
Replaces        : None
Download Size   : 2.26 MiB
Installed Size  : 12.20 MiB
Packager        : Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Build Date      : Tue 07 Mar 2017 12:26:40 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/deluged.service is owned by deluge 1.3.14-1
/usr/lib/systemd/system/deluge-web.service is owned by deluge 1.3.14-1

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestVery HighHigh [gnunet] contains systemd unit file Closed
100%
Task Description

Description:

  • The Arch version of GNUnet from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : gnunet
Version         : 0.10.1-9
Description     : A framework for secure peer-to-peer networking
Architecture    : x86_64
URL             : http://gnunet.org
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : gmp  libgcrypt  libextractor  sqlite  gnurl  libmicrohttpd  libunistring  libidn
Optional Deps   : bluez-libs
                  python
                  glpk
                  libpulse
                  opus
Conflicts With  : None
Replaces        : None
Download Size   : 1744.61 KiB
Installed Size  : 7046.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Mon 04 Apr 2016 02:33:05 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/gnunet.service is owned by gnunet 0.10.1-9

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestVery HighHigh [mldonkey] contains systemd unit files Closed
100%
Task Description

Description:

  • The Arch version of MLdonkey from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : mldonkey
Version         : 3.1.6-1
Description     : A multi-network P2P client
Architecture    : x86_64
URL             : http://mldonkey.sourceforge.net/
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : file  gd  miniupnpc  libnatpmp
Optional Deps   : librsvg: GUI support
                  gtk2: GUI support
Conflicts With  : None
Replaces        : None
Download Size   : 4.01 MiB
Installed Size  : 21.11 MiB
Packager        : Anatol Pomozov <anatol.pomozov@gmail.com>
Build Date      : Wed 25 Jan 2017 04:13:10 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/mldonkey.service is owned by mldonkey 3.1.6-1
/usr/lib/sysusers.d/mldonkey.conf is owned by mldonkey 3.1.6-1
/usr/lib/tmpfiles.d/mldonkey.conf is owned by mldonkey 3.1.6-1

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestVery HighHigh[timidity++] contains systemd unit fileIn Progress
30%
Task Description

Description:

  • The Arch version of TiMidity++ from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : extra
Name            : timidity++
Version         : 2.14.0-7
Description     : A MIDI to WAVE converter and player
Architecture    : x86_64
URL             : http://timidity.sourceforge.net
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : libao  jack
Optional Deps   : gtk2: for using the GTK+ interface
                  tk: for using the Tk interface
                  xaw3d: for using the Xaw interface
Conflicts With  : None
Replaces        : None
Download Size   : 530.60 KiB
Installed Size  : 1431.00 KiB
Packager        : Evangelos Foutras <evangelos@foutrelis.com>
Build Date      : Thu 10 Sep 2015 12:55:38 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/timidity.service is owned by timidity++ 2.14.0-7

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestVery HighHigh [wesnoth] contains systemd unit files Closed
100%
Task Description

Description:

  • The Arch version of Wesnoth from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : wesnoth
Version         : 1.12.6-4
Description     : A turn-based strategy game on a fantasy world
Architecture    : x86_64
URL             : http://www.wesnoth.org/
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : sdl_ttf  sdl_net  sdl_mixer  sdl_image  fribidi  boost-libs  pango  lua52  wesnoth-data  dbus  python2
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 4.97 MiB
Installed Size  : 22.86 MiB
Packager        : Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
Build Date      : Mon 02 Jan 2017 07:52:21 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/wesnothd.service is owned by wesnoth 1.12.6-4
/usr/lib/tmpfiles.d/wesnothd.conf is owned by wesnoth 1.12.6-4

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestVery HighHigh[sage-notebook] contains systemd unit fileIn Progress
30%
Task Description

Description:

  • The Arch version of Sage-notebook from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required. OpenRC init script replacement isn’t possible here because Sage-notebook is using a systemd unit file adapted for users instead of system users.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : sage-notebook
Version         : 0.13-4
Description     : Browser-based notebook interface for SageMath
Architecture    : any
URL             : http://www.sagemath.org
Licenses        : GPL3
Groups          : None
Provides        : None
Depends On      : sagemath  python2-twisted  python2-flask-oldsessions  python2-flask-openid  python2-flask-autoindex  python2-flask-babel  mathjax
Optional Deps   : python2-pyopenssl: to use the notebook in secure mode
Conflicts With  : None
Replaces        : None
Download Size   : 1625.00 KiB
Installed Size  : 9154.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Thu 04 May 2017 06:12:28 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/user/sage.service is owned by sage-notebook 0.13-4

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestVery HighHigh [system-config-printer] contains systemd unit file Closed
100%
Task Description

Description:

  • The Arch version of system-config-printer from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : extra
Name            : system-config-printer
Version         : 1.5.9-2
Description     : A CUPS printer configuration tool and status applet
Architecture    : x86_64
URL             : https://github.com/zdohnal/system-config-printer
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : python-pycups  python-dbus  python-pycurl  libnotify  python-requests  python-gobject  gtk3  python-cairo
Optional Deps   : python-pysmbc: SMB browser support
                  python-packagekit: to install drivers with PackageKit
                  cups-pk-helper: PolicyKit helper to configure cups with fine-grained privileges
Conflicts With  : None
Replaces        : None
Download Size   : 908.59 KiB
Installed Size  : 7159.00 KiB
Packager        : Andreas Radke <andyrtr@archlinux.org>
Build Date      : Fri 27 Jan 2017 04:18:24 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/configure-printer@.service is owned by system-config-printer 1.5.9-2

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestVery HighHigh[erlang-nox] contains systemd unit filesIn Progress
0%
Task Description

Description:

  • The Arch version of Erlang (headless version) from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : erlang-nox
Version         : 19.3-3
Description     : General-purpose concurrent functional programming language developed by Ericsson (headless version)
Architecture    : x86_64
URL             : http://www.erlang.org/
Licenses        : Apache
Groups          : None
Provides        : None
Depends On      : ncurses  openssl
Optional Deps   : erlang-unixodbc: database support
                  java-environment: for Java support
                  lksctp-tools: for SCTP support
Conflicts With  : erlang
Replaces        : None
Download Size   : 39.01 MiB
Installed Size  : 106.73 MiB
Packager        : Jan de Groot <jgc@archlinux.org>
Build Date      : Fri 28 Apr 2017 08:44:33 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/epmd.service is owned by erlang-nox 19.3-3
/usr/lib/systemd/system/epmd.socket is owned by erlang-nox 19.3-3

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestVery HighHigh[motion] contains systemd unit fileIn Progress
0%
Task Description

Description:

  • The Arch version of Motion from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : motion
Version         : 4.0.1-2
Description     : A software motion detector which grabs images from video4linux devices and/or from webcams
Architecture    : x86_64
URL             : http://www.lavrsen.dk/foswiki/bin/view/Motion/WebHome
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : libjpeg  v4l-utils  ffmpeg
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 235.61 KiB
Installed Size  : 923.00 KiB
Packager        : Sergej Pupykin <pupykin.s+arch@gmail.com>
Build Date      : Mon 14 Nov 2016 02:17:55 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/motion.service is owned by motion 4.0.1-2

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestVery HighHigh [pkgfile] contains systemd unit files Closed
100%
Task Description

Description:

  • The Arch version of pkgfile from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : extra
Name            : pkgfile
Version         : 17-1
Description     : a pacman .files metadata explorer
Architecture    : x86_64
URL             : http://github.com/falconindy/pkgfile
Licenses        : MIT
Groups          : None
Provides        : None
Depends On      : libarchive  curl  pcre  pacman
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 23.16 KiB
Installed Size  : 47.00 KiB
Packager        : Dave Reisner <dreisner@archlinux.org>
Build Date      : Tue 18 Apr 2017 05:30:59 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/pkgfile-update.service is owned by pkgfile 17-1
/usr/lib/systemd/system/pkgfile-update.timer is owned by pkgfile 17-1

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestVery HighHigh[tinc] contains systemd unit filesIn Progress
0%
Task Description

Description:

  • The Arch version of tinc from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : tinc
Version         : 1.0.31-2
Description     : VPN (Virtual Private Network) daemon
Architecture    : x86_64
URL             : http://www.tinc-vpn.org/
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : lzo  openssl  zlib
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 107.42 KiB
Installed Size  : 194.00 KiB
Packager        : Evangelos Foutras <evangelos@foutrelis.com>
Build Date      : Mon 13 Mar 2017 01:06:11 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/tinc.service is owned by tinc 1.0.31-2
/usr/lib/systemd/system/tinc@.service is owned by tinc 1.0.31-2

Steps to reproduce:

  • Install package.
Software DevelopmentGeneralImplementation RequestVery HighHigh Port Icedove to UXP platform Closed
100%
Task Description

Description:
Historically, Icedove was a re-branding of Mozilla Thunderbird by the Debian project, with minimal modifications, in order to resolve branding disputes. Debian since discontinued Icedove after reaching an agreement with Mozilla over the use of it’s trademark.

Otherwise, new Thunderbird will use Quantum, a platform that contains numerous privacy, freedom, and trademark issues, in addition to an ever expanding Google Chromium code base which breaks compatibility with previous versions. Therefore, i suggest port our current Icedove from the deprecated XUL platform to UXP one like our Iceweasel-UXP.

TODO list:

  • Remove SSL Error Reporting telemetry from installer/package-manifest.in. [0]
  • Add missing emoji browser/fonts/”TwemojiMozilla.ttf” library to UXP sources
  • Change Icedove-UXP logo typeface from the non-free “Libertad Book” to free “DejaVU Sans”.
  • Rename Icedove to Icedove-UXP in logo typeface.
  • Check “Thunderbird” remaining references.
  • Fix/adapt confvars.sh to UXP-based applications. (eg. MOZ_APP_VERSION=52.9.`date –utc ‘+%Y%m%d’`)
Software DevelopmentGeneralImplementation RequestVery HighHigh Port Iceape to UXP platform  Closed
100%
Task Description

Description:
Historically, Iceape was a re-branding of Seamonkey by the Debian project, with minimal modifications, in order to resolve branding disputes.

As of December 2013 , Iceape was no longer being maintained by the Debian project and users were encouraged to migrate to other alternatives for security patches.

However, since Seamonkey is being maintained from Thunderbird source and Hyperbola is porting Icedove to UXP platform , it could be built on the UXP platform which contains multiple security and privacy improvements.

TODO list:

  • Change Iceape-UXP logo typeface from the non-free “Libertad Book” to free “DejaVU Sans”.
  • Rename Iceape to Iceape-UXP in logo typeface.
  • Check “Seamonkey” remaining references.
  • Fix/adapt confvars.sh to UXP-based applications. (eg. MOZ_APP_VERSION=52.9.`date –utc ‘+%Y%m%d’`)
PackagesAnyFeature RequestVery HighHigh [pkgfile] contains systemd unit files Closed
100%
Task Description

Description:

  • The Arch version of pkgfile from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or create a cron job (scheduled task) to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : extra
Name            : pkgfile
Version         : 17-1
Description     : a pacman .files metadata explorer
Architecture    : x86_64
URL             : http://github.com/falconindy/pkgfile
Licenses        : MIT
Groups          : None
Provides        : None
Depends On      : libarchive  curl  pcre  pacman
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 23.16 KiB
Installed Size  : 47.00 KiB
Packager        : Dave Reisner <dreisner@archlinux.org>
Build Date      : Tue 18 Apr 2017 05:30:59 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
/usr/lib/systemd/system/pkgfile-update.service is owned by pkgfile 17-1
/usr/lib/systemd/system/pkgfile-update.timer is owned by pkgfile 17-1

Steps to reproduce:

  • Install package.
PackagesAnyFeature RequestHighHigh [aircrack-ng] rebuild package against libressl Closed
100%
Task Description

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si aircrack-ng
Repository      : community
Name            : aircrack-ng
Version         : 1.2rc4-4
Description     : Key cracker for the 802.11 WEP and WPA-PSK protocols
Architecture    : x86_64
URL             : https://www.aircrack-ng.org
Licenses        : GPL2
Groups          : None
Provides        : aircrack-ng-scripts
Depends On      : openssl  sqlite  iw  net-tools  wireless_tools  ethtool
Optional Deps   : None
Conflicts With  : aircrack-ng-scripts
Replaces        : aircrack-ng-scripts
Download Size   : 375.88 KiB
Installed Size  : 1627.00 KiB
Packager        : Jonathan Steel <jsteel@archlinux.org>
Build Date      : Mon 27 Mar 2017 04:13:22 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyFeature RequestHighHigh [android-tools] rebuild package against libressl Closed
100%
Task Description

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si android-tools
Repository      : community
Name            : android-tools
Version         : 7.1.2_r6-1
Description     : Android platform tools
Architecture    : x86_64
URL             : http://tools.android.com/
Licenses        : Apache  MIT
Groups          : None
Provides        : None
Depends On      : openssl  pcre
Optional Deps   : python: for mkbootimg script
Conflicts With  : None
Replaces        : None
Download Size   : 202.90 KiB
Installed Size  : 611.00 KiB
Packager        : Anatol Pomozov <anatol.pomozov@gmail.com>
Build Date      : Mon 24 Apr 2017 11:39:51 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyFeature RequestHighHigh [apache] rebuild package against libressl Closed
100%
Task Description

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si apache
Repository      : extra
Name            : apache
Version         : 2.4.25-2.hyperbola2
Description     : A high performance Unix-based HTTP server, with OpenRC support
Architecture    : x86_64
URL             : https://www.apache.org/dist/httpd
Licenses        : APACHE
Groups          : None
Provides        : None
Depends On      : zlib  apr-util  pcre  libnghttp2  openssl
Optional Deps   : lua: for mod_lua module
                  libxml2: for mod_proxy_html, mod_xml2enc modules
                  lynx: apachectl status
Conflicts With  : None
Replaces        : None
Download Size   : 1436.89 KiB
Installed Size  : 5678.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 25 Sep 2017 09:13:27 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyFeature RequestHighHigh [arch-audit] rebuild package against libressl Closed
100%
Task Description

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si arch-audit
Repository      : community
Name            : arch-audit
Version         : 0.1.8-3
Description     : An utility like pkg-audit based on Arch CVE Monitoring Team data
Architecture    : x86_64
URL             : https://github.com/ilpianista/arch-audit
Licenses        : MIT
Groups          : None
Provides        : None
Depends On      : curl  openssl
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 584.06 KiB
Installed Size  : 1931.00 KiB
Packager        : Christian Rebischke <Chris.Rebischke@archlinux.org>
Build Date      : Thu 27 Apr 2017 12:43:21 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyFeature RequestHighHigh [argyllcms] rebuild package against libressl Closed
100%
Task Description

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si argyllcms
Repository      : community
Name            : argyllcms
Version         : 1.9.2-1
Description     : An ICC compatible color management system with support for different colorimeter hardware
Architecture    : x86_64
URL             : http://www.argyllcms.com/
Licenses        : GPL  AGPL
Groups          : None
Provides        : None
Depends On      : libtiff  libxss  libxinerama  libxxf86vm  libxrandr  openssl
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 8.44 MiB
Installed Size  : 98.79 MiB
Packager        : Timothy Redaelli <timothy.redaelli@gmail.com>
Build Date      : Tue 25 Oct 2016 12:09:46 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
Showing tasks 1 - 50 of 727 Page 1 of 151 - 2 - 3 - 4 - 5 - Last >>

Available keyboard shortcuts

Tasklist

Task Details

Task Editing